{"id":1007,"date":"2014-01-05T15:34:40","date_gmt":"2014-01-05T19:34:40","guid":{"rendered":"http:\/\/blog.bitsofgenius.com\/?p=1007"},"modified":"2014-01-05T15:34:40","modified_gmt":"2014-01-05T19:34:40","slug":"user-beware-the-hidden-gotchas-of-the-verizon-fios-service","status":"publish","type":"post","link":"https:\/\/blog.bitsofgenius.com\/?p=1007","title":{"rendered":"User beware: the hidden gotchas of the Verizon FIOS service"},"content":{"rendered":"

Verizon FIOS is a fiber-optic system capable of delivering very fast internet feeds to residential consumers, in addition to its TV service. With upload speeds in excess of 25Mb, and download speeds in excess of 50Mb (its currently capable of 150Mb), you would think that this service beats cable internet and DSL internet hands down.<\/p>\n

Well, speed-wise it does. \u00a0But there are quite a few gotchas, including some not so apparent security risks. If you are not a casual residential user of the service and take the time to login to the router , you’ll quickly discover the Actiontec router provided by Verizon is a flashy, poorly designed child’s toy. \u00a0While the hardware is solid, the choice of firmware is dismal and, in my opinion, more than a bit dangerous. \u00a0It looks and behaves like someone’s abandoned science project, which was picked up and finished by the marketing department at Verizon. \u00a0There is no common sense whatsoever in its design or user-experience.<\/p>\n

And worse, the firmware\u00a0also initiates strange connections to Verizon servers, which make me question the router’s security and integrity. \u00a0Since I am engineer, I find it appalling what Verizon gives out as a core piece of the network in a user’s home–especially in light of the recently-revealed NSA eavesdropping and network penetration efforts and, before that, the years of black-ops efforts on the net to seize control of networks for bot armies, industrial espionage, monetary theft, etc, etc.<\/p>\n

The real test of a good internet connection is not only the speed and how much your network can do for you, but more importantly how much people outside of your home network don’t have a chance to compromise it and, even worse, take control of it. Verizon FiOS architecture fails, quite frankly, very miserably on both of these accounts. Here’s a specific set of reasons why, broken down by the level of importance.<\/span><\/p>\n

Security and Network Ownership\/Management<\/em><\/p>\n

The Actiontec router has two network interfaces for the WAN (Internet-facing) connection. One is coax, and one is ethernet. \u00a0The box is setup by the installer with the coax connection, because the box is designed to work with the DVR unit to access the network for TV program information, etc. And, surprise surprise, the DVR only has a coax connection to access the internet.<\/p>\n

This is a very subtle, and very dirty trick to dissuade users from disconnecting the Actiontec router and putting in their own router. Publicly-available routers are known to use standard Cat 5 network connections, so a standard router won’t directly support a connection to the DVR. So this quagmire of giving up your onscreen programming guide to use your own router is created. \u00a0Most average users will give-in to using Verizon’s router because they don’t want to give up the programming guide on the TV, and don’t have the knowledge of how to work around that with their own router.<\/p>\n

Verizon, for any number of reasons, would love to control the traffic on their network–even to the extent of managing their company assigned router inside your house to enforce their corporate policy and thinking. \u00a0This is a very dangerous way of looking at the internet, which is designed for a free-flow of information. \u00a0I have documented a legal move made by Verizon in the past in this related post here<\/a>, written a few months back, which\u00a0demonstrates why this is their motive.<\/p>\n

In addition to the business trick of discouraging alternate router usage, there are also some additional, open ports on the Actiontec router which indicate that it is\/can be centrally managed. \u00a0Centrally managed means the router can be exposing its settings. logs or even receive remote firmware upgrades at the will of Verizon. \u00a0This would violate the cardinal rule I have for any piece of electronic equipment which I own: updates allowed only when I am notified and approve.<\/p>\n

While some people will argue that this means a security hole can be patched quickly across the network, the converse is also true. \u00a0Because a large set of routers are available to a central management system, an intruder with ill-intent could potentially put a compromised firmware into that system for distribution. \u00a0Less aggressively, a release of firmware which has an undiscovered problem could potentially take thousands, if not millions of households offline at one time.<\/p>\n

And worse, because Verizon is a publicly traded company, the problem could be concealed, or described in a more generic form as a “network issue we are working to resolve” to mask the real cause of the problem in an attempt to protect stock values. \u00a0In the open source world, which DD-WRT is a part of, many people contribute, test, openly write about and scrutinize the software. \u00a0Because of the openness, the user has enough information to decide if an upgrade to their router is appropriate. \u00a0And if they decide an upgrade is appropriate, they decide upon the time.<\/p>\n

Even if DD-WRT were compromised, the chances of it being discovered and exposed are far greater due to its very open, public nature. \u00a0Not so with Verizon’s approach.<\/p>\n

The Awful User Experience of the Actiontec Router’s web management interface.<\/em><\/p>\n

In some ways, there are too many pain points in this browser interface to list. \u00a0But I will list the ones that stand out to me.<\/p>\n